In this course, we shall be discussing Amazon Elastic Load Balancers (ELBs) and how ELBs integrate with other AWS services to help provide high availability, improve performance, and increase security for your applications.
By the end of this course, you will have a greater understanding of:
- ELBs integrations with key AWS services
- ELBs importance to Amazon Kubernetes
Anyone working with AWS Networking will benefit from this course, also if you are:
- Studying for the AWS Networking Specialty certification
- Studying for the AWS Solutions Architect certifications
If you are looking to increase your AWS knowledge, this course is for you.
Before attending this course, you should be familiar with Amazon ELB, including the different ELB types and how they are configured. Experience with AWS services such as CloudFront, WAF, and Global Accelerator is also desirable but not required.
For more information on these services, please see our existing courses:
- Using Elastic Load Balancing & EC2 Auto Scaling to support AWS workloads
- Introduction to DNS & Content Delivery on AWS
- Protecting your Web Apps against common exploits using AWS WAF
- AWS Networking features essential for a solutions architect
- Using Amazon Route 53 to route end users to internet applications
Throughout this course, we will be building on basic ELB integration that our customer ACME has already deployed. ACME has already deployed two EC2 instances in two availability zones within a single VPC. And each instance runs a copy of ACME's website. Right now, they use a single AWS region eu-west-2. In order to make their deployment highly available, they have deployed an application load balancer whose target group includes the two EC2 instances.
In addition, they now need to integrate their load balancer with Route 53. ACME has already configured a public hosted zone in Route 53 in order to resolve their websites domain name to public IP addresses of their EC2 instances. They now want to resolve their domain name to the public name of the application load balancer. To do this, they need to create an Alias record. Alias records map friendly names to the name of AWS services such as load balancers. Alias records are similar to CNAME records but are more efficient when both the zone and resource are hosted in AWS. Here's the example of a Route 53 Alias record. Notice how we have mapped www to the name of the load balancer.
Most websites that you visit today use https to secure communication between your device and the web server hosting your website. To use https, you need to obtain a digital certificate and install it on your web servers or load balancers. The web server or load balancer will then be responsible for data encryption and decryption. When using AWS, we can obtain digital certificates for free from Amazon Certificate manager. Amazon Certificate Manager is a regional service. If you need a certificate for your ELB in eu-west-2, then you should use ACM in the eu-west-2 region. To integrate your ELB with ACM, you request a certificate from ACM. The certificate should contain the names that you need to associate with your website. Here's the example of a certificate request for www.acme.com. Notice that this is a public certificate so it'll be trusted by browsers that we've included the names to be used with the certificate.
You can add multiple names that we have to validate certificate to prove we own the domain name by either using DNS validation or email validation. Once the certificate is valid, it's available for use in the selected region. Once the certificate is issued, you can use it with AWS resources in the same region. When using ELB, this means adding a secure listener to your ELB. Here we have an example of an ELB with a http listener. If you select add listener, you can run through the wizard to create secure listener that will use a certificate you've requested from ACM. Now, https can be used to access your website, but instead of the web service being used to encrypt and decrypt data, this work is offloaded to ELB freeing up resources on your web servers. If you want to enforce https access, you can remove the http listener.
Mike has worked in IT since 1997, specializing in networking, storage, and architecture. He's been in cloud computing for the last 8 years, working across several cloud platforms but specializing in AWS. He's been involved in many cloud projects over the years covering migrations, hybrid connectivity, security optimization, networking, and storage architecture.
He gained his first training qualification in 1998 and, about 3 years ago, became an AWS Authorized Champion Instructor. He's delivered AWS cloud courses across Europe for a range of clients, with a focus on Architecture, Security, and Networking. He currently holds certifications for the four biggest cloud vendors, including the AWS Solutions Architect Professional, AWS DevOps Engineer, and AWS Advanced Networking specialty certifications.
He lives in the North of England with his wife Frances and their dog Inca.